Bouncing Back from Forced Change – the Active Directory Angle

As you know, recent events forced nearly every organization in the world to quickly adjust the status of its workforce. Whether it was to transition office-based workers to remote access, to temporarily furlough employees with the intent to bring them back at some point, or, unfortunately, to terminate employees; each action required changes to accounts, permissions, group memberships and other attributes in Active Directory (AD).

If your organization is like 95 percent of the Fortune 1000, AD is your enterprise directory-of-record of employee and contractor permissions. I’m sure that you are painfully aware that these changes are no small undertaking. From creating and populating temporary groups, modifying user distribution list, pausing access for furloughed users and terminating access for laid off employees, each of these actions typically requires someone from IT to manually make the changes. When the affected user population is large and the changes are made quickly, the potential for errors is high.

Just imagine the number of orphaned accounts that could remain in your AD. Then, there’s the potential for misassigned permissions and excessive access rights. So, what controls do you have in place to ensure consistency and avoid costly disruptions? Then, what do you do when the crisis ends? Remote workers will return to the office, furloughed employees will come back online – they will require a reversal of all the actions executed at the onset. Plus, there’s the inevitable new-hires you will need to quickly bring on board, too.

It’s probably too late to address the challenges of the rushed and error-prone re-provisioning and de-provisioning requirements. That boat has sailed, but it is not too late to set yourself up for a smooth transition back to normalcy. You can simplify and automate processes to quickly clean up the mess that was forced upon you. You can put your organization in a much better position for the next inevitable crisis.

One Identity is the industry leader in Active Directory account lifecycle management. Thousands of organizations worldwide, across all industries use our Active Roles solution to automate, control, audit and execute all the joiner/mover/leaver actions for AD, Azure AD and all connected systems. A particularly good example of what our Active Roles solution can do is our large education customers. They regularly deal with high-volume changes in a short amount of time. See the case study list below to learn how invaluable our solution is to them.

Expand Control Beyond AD

Did you know that you could expand the reach of account lifecycle management beyond AD, Azure AD? In addition to the usual Microsoft resources like Exchange and Office 365, you can bring control to other platforms and systems, including UNIX, Linux, and Mac, and SaaS apps such as Workday, ServiceNow, Salesforce, and many others.

Organization that already use Active Roles can quickly, thoroughly and accurately made all the initial changes. More importantly is that they are specially equipped to just as efficiently roll back changes and return to normal.

Resources to Help Your Organization Bounce Back

We would love to help you bounce back in a better state than you were before the current situation. There’s a number of resources available:

Education Case Studies

Related Content